<?php
	require_once("functions.php");
	
	if(isLoggedIn()){
		header("location:workspace.php");
	}
	
	$con = connectToDB();
	
	$uname = (isset($_POST["username"])) ? mysql_real_escape_string($_POST["username"]) : "";
	$pword = (isset($_POST["password"])) ? md5($_POST["password"]) : "";		//encrypt password for security
	$result = mysql_query("select * from user where username = '$uname' and password = '$pword'",$con);
	$nrows = mysql_num_rows($result);
	
	if($nrows == 1){
		$row = mysql_fetch_array($result);
		if(strcmp($row["username"],$_POST["username"])!=0){
			header("location:index.php?message=".urlencode("The username or password you entered is incorrect."));
			die();
		}
		if(strcmp($row["password"],$pword)!=0){
			header("location:index.php?message=".urlencode("The username or password you entered is incorrect."));
			die();
		}
	}else{
		header("location:index.php?message=".urlencode("The username or password you entered is incorrect."));
		die();
	}
	
	$_SESSION['username'] = $row["username"];
	
	mysql_free_result($result);
	header("location:workspace.php");
?>